Some articles have been translated from English by a machine translation system. They may contain inaccuracies or grammatical errors. We strive to make our articles as useful as possible. You can indicate under this article if the information is useful. You can also switch to the English version at the bottom right to see the original text.
What is a security threat?
A security threat is a risk that can harm computer systems and an organization. It can be caused by a physical act, such as the theft of a computer containing important data. It can also be caused by a non-physical act, such as a virus attack.
Why do I need to protect my NAS?
- To protect your confidential information and the confidential information of your users or your customers
- Improve security to prevent data loss
Use a strong password
It is recommended that you use a strong password consisting of letters, numbers, and special characters. Using a common password is a loophole for hackers. If your account is compromised, hackers can easily take control of other accounts.
To change the password, select Options > Personal > Password and click Change Password.
Enable 2-step authentication
Enable 2-step authentication to increase the security of your DSM account. If 2-step authentication is enabled, a password will be required in addition to the one-time verification code when logging in to DSM. Verification codes can be obtained from the verification apps installed on your mobile device. Therefore, if someone wants to access your account, not only your username and password but also your mobile device will be required.
Disabling the “admin” account
By default, your NAS has an admin account. Since admin is a common username1, a hacker only needs to guess your password to break into your account. Disabling the default “admin” account and creating a new account with a creative or specific username gives the hacker less ability to log into your account.
To disable the “admin” account, log in with another admin account and select Control Panel > Users and Groups. Select admin and click Edit, then select the Disable this account check box.
When creating a new user name for the administrator account, do not use root or administrator. These popular usernames are often used when trying to log in maliciously.
Protecting your devices
Ensure that your NAS is regularly updated
Synology offers DSM updates when new features or security enhancements are added or when errors are corrected, in order to enhance system performance and stability.
Synology NAS can also be configured to send notifications when certain events or errors occur via e-mail, SMS, mobile devices or web browsers. For example, the system can automatically send notifications when a network connection is lost or a power failure occurs. Enabling notifications allows you to immediately detect NAS failure and prevent unauthorized access to your NAS.
Launching the Security Advisor
Security Advisor is a pre-installed security application that scans your DSM and NAS settings. Security Advisor scans the following areas of the DSM and NAS, checking settings and recommending changes to help protect your Synology NAS.
Unauthorized access protection
Enabling auto blocking
The auto-blocking feature enhances your Synology NAS by blocking the IP addresses of clients with too many failed login attempts. This reduces the risk of accounts being compromised by brute force attacks.
Enabling account security
Account protection protects Synology NAS accounts from untrusted clients that have made too many failed login attempts. This minimizes the risk of brute-force attacks on your accounts.
A certificate can be used to secure SSL services on your Synology NAS, such as web services (all HTTPS services), mail, or FTP. The certificate allows users to authenticate the server and administrator before sending sensitive information.
Synology offers a free and secure SSL/TLS certificate from Let’s Encrypt.
Enabling the firewall
Like a PC, a NAS device also has a firewall. Enabling the firewall, creating firewall rules and configuring firewall settings prevents unauthorized entry and control of service access. You can allow or deny access to individual network ports on specific IP addresses.